Cyber D: Interview with Cybersecurity Expert Johnny Young

Cyber D
Johnny Young is a 35-year veteran of the cybersecurity industry who is regarded as one of America’s leading experts on the topic.

Johnny Young is a 35-year veteran of the cybersecurity industry who is regarded as one of America’s leading experts on the topic. Johnny has spent his career helping blue chip companies avoid data breaches and the devastating financial and consumer trust losses that come with them. Unfortunately, cybercrimes are on the rise and Johnny has released the below list of advice for anyone who engages regularly with a computer or phone:

1)   If an unknown number pops up on your CallerID, don’t answer it. Let the call go to voicemail, most unknown callers are scammers.

2)   Social Security will never, ever, call you to say they’re cutting off your payments. Hang up the phone immediately.

3)   Cover the keypad when using your ATM card at the bank or store.

4)   Subscribe to an established Identity Theft Protection Service, like Identity Guard or Lifelock. They monitor credit requests and changes, and will immediately notify a subscriber if their identity is being used.

5)   Enlist the help, and seek the advice, of people in your family who are technically advanced if you have technical questions.

6)   Install anti-virus software on your computers. If you can’t do it, enlist the aid of someone in your family who can.

Johnny Young recently discussed these tips, his career, and more via an exclusive interview.

Meagan Meehan (MM): When did you get interested in working with technology and why did cyber security appeal to you so much?

Johnny Young (JY): I’ve always loved technology and was disappointed the technology I saw on the original Star Trek series didn’t exist in real life. That hurt, but not as bad as when NBC cancelled it in 1969, which prompted me to write them a very, very angry letter. My interest in cybersecurity itself began in 1971, after I read an article in Esquire Magazine about “phone phreaking”. This was in the days before there was a term called “hacking”, but the basic idea was the same; the goal is to get something for nothing, and not to worry about how you got it. As a dumb teenager looking for thrills, I soon found myself on the wrong side of the law when I started manipulating the AT&T telephone system to make free phone calls. After three years of intermittent phone phreaking with no repercussions, two FBI agents showed up at my grandmother’s house, wanting to know who’d made unbillable calls to her number. Across the country, a team of FBI agents went door to door, questioning my neighbors to see if they knew who was making calls from the community pool. What I thought was no big deal was actually a felony. The exact term for it was “Interstate Theft of Services”. Each charge carried the possibility of ten years in jail, and the FBI said they wanted me for over 50 calls I’d made! If I ever was to get lucky in life, that was the time for it. The feds must’ve had too much on their plate because the FBI dropped the investigation, and there it was; I’d caught my first lucky break. I decided to put my skills to good use on the side of law and order from that point on. 45 years later, and after a long cybersecurity career shutting down hackers, slackers, and social engineers, I can say it was probably the best decision I’ve ever made.

MM: How difficult was it to break into this industry and establish yourself?

JY: That’s a great question, and this is the first time anyone has asked it of me. Finding a job in the industry was so difficult, but when I think about the past it’s like I suffer from amnesia about how I initially broke in. Only the major corporations had a computer in 1981, and certainly no home user could imagine owning one.

Can you believe there was a time people still alive can remember when nobody had voicemail, there was no Internet, and PCs hadn’t been invented yet? Cable networks didn’t exist, and if a person missed their favorite TV show they’d be out of luck for months until the network re-ran it again after the season was over, because there was no way to record it. This was 36 years before the iPhone was released; those days seem pretty simple compared to now, lol. I’d gone to an IBM vocational school for a year to learn how to program in four computer languages on a mainframe computer, but I couldn’t get a nibble when it came to finding a job. For two years I worked in the hot, humid, and smelly basement laundry of a hotel, washing sheets and towels, while I continued my education at a local community college. It was pretty discouraging, but one day I checked out the job board at the community college and asked about a random computer job posted there. It was kind of a miracle; in less than a month I’d gone through the interview process and was hired. Trust me, I couldn’t get out of the hotel laundry fast enough.

My first job was to do backups and put paper in the printers. The company only had 15 employees, but you never know what can happen in life; from that job I met my first wonderful mentor, and when she moved on, she took me with her to a giant company with 250,000 employees. That’s when my corporate computer career in the big leagues really began, in 1984. Within four years my mentor left for an exciting job overseas, and I was promoted to take her place; at 27 I was named the 2nd Network Director ever for the $41.8 billion C-17 project with the Air Force. You may have seen the interior of a C-17 in the news recently because it was used to fly out over 600 refugees at a time fleeing Afghanistan after the Taliban took over.

MM: What are the biggest threats you’ve seen cyber criminals conduct?

JY: On a personal, non-corporate level, I think the biggest threats in society are to children, and the elderly. The amount of trauma dealt to the young and the old due to online schemes is truly mind boggling. It’s sickening how many predators lurk on the Internet; they try to lure kids into dangerous, or even deadly, situations by pretending to be their peers. They’ll offer things like vape pens, cartridges, or alcohol; stuff that costs money, and aren’t easy for young people to get. That’s their bait. When a kid shows up to meet in-person they find out their online “friend” isn’t another kid at all, it’s an adult predator eager to take advantage of them.

Every day it becomes harder for parents to keep their kids safe online, and it’s heartbreaking to see. Many kids are trusting, inexperienced in the ways of the world, yet are 100% confident they’ve seen it all, and can take care of themselves. As any adult knows, that’s a very bad mix. Kids want to act like adults, and do the same stuff, but unfortunately, with the wide grasp of the Internet, the outcome can be tragic.

On the other end of the age spectrum, scammers target the elderly people in our country non-stop, and I don’t think the media covers it enough. The lack of media attention really upsets me, as I’ve seen the affect these con artists have had on friends, and even people in my own family. Day after day I personally get phone calls from scammers. One of tricks they use is to say my Social Security account has been locked because they overpaid me, and I won’t receive any future payments. They’ll want me to pull out my debit card or buy them an online gift card. That’s how these low-tech thieves and schemers make their money. Anyone who asks you to pay for something with an online gift card, that’s definitely a scammer.

I also want everyone to know that Social Security will NEVER contact a person by phone or send unsolicited emails. As a government agency, the only way they’ll communicate with someone is through mail, and they’ll do it by sending paper documents to your physical mailbox. The same is true for the IRS, and Medicare, other common phone scams that target older people.

MM: What are some new threats you’ve noticed?

JY: At the corporate level, there’s no question, right now the biggest cybersecurity threat is the ransomware epidemic. The worst-case scenario is for a company to be breached, and then locked out of their own records until they pay a ransom. Hospitals are the current target of choice. Here’s a perfect example; in 2020, an Eastern European group of hackers victimized 250 American hospitals and received over $100 million in ransom money. A single group of hackers alone pulled this off; that’s crazy! There were cases of hospitals having to turn away ambulances carrying sick or dying patients, because they were shut down, and couldn’t take in patients. If anyone should be locked up and the key thrown away, it’s unfeeling sociopaths like these hackers.Every area of society you can imagine can be affected by data breaches, and it’s not always about money.

One frightening thing is the rise of terrorism, both foreign and domestic. There have been many reported probes into our infrastructure. I’ve read about forays into utility companies, and it would obviously wreak havoc if hackers were able to shut down an electric power plant.

I personally think our food distribution chain is especially vulnerable; nowhere was this more evident than during the pandemic, when stores were cleaned out of toilet paper, disinfectants and alcohol wipes in less than a day. These items didn’t appear back on shelves for quite some time.

Mass chaos ensued because the stores were out of toilet paper, but can you imagine what it would be like if there was a food shortage? Americans don’t stock up on food, because we have the luxury of mega supermarkets and fast-food restaurants on every other corner. Hackers who disrupted our food distribution chain would be hitting us where it really hurt, and starvation is the scenario I dislike the most, because I really love to eat.

Another area of concern is the cybersecurity surrounding nuclear weapons. At least 10 countries are known to have nukes, and I’m not confident they have the best controls in place. If terrorists were able to hack into one of these sites from remote, that would be a game changing scenario for the entire world.

This leads me to the other nuclear threat; power plants. If hackers sought a ransom from a company that owns a nuclear plant, they could accidentally cause a meltdown. There are 93 active nuclear reactors in 28 states, and I’ve lived near two of them for over 40 years. I don’t have the greatest trust hackers would have a clue about what they’re doing if they took control of a nuclear reactor; on the job training certainly isn’t the way to go with something that deadly.

The last one I’ll talk about is economic chaos. What if hackers shut down the New York Stock Exchange in an extortion attempt? The value of shares trading hands daily on the NYSE is $5 trillion, per the Bank of International Settlements, and an extended outage due to hacking could cause a global economic collapse if it lasted very long.

There’s already a precedent for that; the NYSE unintentionally caused a four-hour outage when they shot themselves in the foot with a software update that bombed, which has been called their worst outage in 223 years. A four-day outage would be the equivalent of $20 trillion dollars of shares just sitting there; how much ransom money could hackers extort to unlock the computer system of the NYSE? It’s hard to wrap my head around that kind of money, but somewhere, at this very moment, a group of hackers may be planning to hit a large financial institution as a potential target.

MM: How did you come up with your list of what to look out for?

JY: I’ve been retired for six years and had a lot of time to think about it. After 35 years in cybersecurity, I try to look at situations from every possible angle. Some people would say I’m paranoid, others would say I’m practical. Since I live alone and have no one to take care of my pets, I’ve stockpiled a lot of food and water in case something happens. I’m not a Doomsday Prepper by any means, but with the wildfires and earthquakes that can hit the West Coast at any time, it’s best to be prepared. As a best practice, I think it’s a smart idea for everyone to have an emergency kit of food, water and medicine at hand, just in case.

MM: How do you envision your career evolving and expanding in the future?

JY: An interesting question. I thought I’d missed my chance to have a positive impact on society after 35 years as a corporate man, just another spoke helping the company wheel turn. There were so many crucial, critical projects that came up over the years, and I can’t even remember what they were about, because they were only crucial and critical to the company that paid me. The benefits of the software business were nice, and I retired at 56, but watching the crushing blows hackers are dealing to society worldwide I felt my knowledge would be useful to counterbalance it. I came out of retirement in my 60’s to join in the fight against these cyberpunks, and maybe it’s my last best chance to be of service to the world.

MM: What projects are coming up for you soon and is there anything else that you would like to discuss?

JY: When I was retired my goal was to enjoy life, travel, cross things off my bucket list, and write a book on cybersecurity. I did all that for over 6 years and loved it. My little vanity project book eventually expanded to 500 pages, and it’s titled “Don’t Hack”. I’ll self-publish it in November of 2021. In the book I explain cybersecurity fundamentals that took me 35 years to get under my belt, and I hope to shorten my readers learning curve. In it I cover how individuals can protect themselves and their families online, as well as all of the business best practices I’ve learned during my corporate career. There are over four million vacant cybersecurity jobs corporations and the government can’t fill, and my dream is to help people get into our industry. When I look at the number four million, I don’t see four million jobs, I see four million careers! On September 27th, 2021, I also officially launched CyberD TV, the first streaming service dedicated to cybersecurity training for the general public. It’s like Netflix for Cybersecurity! Lol!

CyberD TV is a subscription service, and after a 7-day free trial will cost $9.99 a month. For my fellow seniors I have a free collection of videos just for them, and they don’t have to subscribe to see them. For example, one section with 11 videos is called “The Top Ten Cybersecurity Tips for Seniors”, where I list all ten in the first video as an overview, then go into detail individually for each tip in separate videos.

I also have a 30-minute video on “How Parents Can Keep Their Kids Safe Online”, and that’s free too. Scarlett the Cyber Bird hosted that one with me, and she posted it on YouTube to help parents deal with these terrifying, and very dangerous, online situations.

It gives me great pleasure to defeat these online predators and parasites and help raise cybersecurity awareness among the general public. The free information I give parents and senior citizens will help them quite a bit; I’ve done many interviews and podcasts on those subjects alone, and they’ve received a very positive response.

I’m an old guy who won’t be around to see most of the trees I plant flower and bloom, but it’s awesome to think some of the future thought leaders in cybersecurity will have started off with my books or videos. I worked hard my entire life to put food on the table, and a roof over my head, but this is the most satisfying thing I’ve ever done. I’m very appreciative to be given this chance so late in life to help society, after thinking it had passed me by. I’m grateful to have the opportunity to share my knowledge with anyone who’s interested, and I wish your readers could see the smile on my face, because the work I’m doing in cybersecurity now makes me happier than all the things I’ve done in my career…combined.